Security Service Edge (SSE) Threat Protection

Security Service Edge (SSE) solutions leverage the cloud’s scalability, flexibility, and operational benefits to deliver security – Access Control, Authentication and Identity, Data Loss Prevention (DLP), DNS protection, Encryption (TLS/SSL), Exploit detection and prevention, Malware and Phishing protection (including via Browser Isolation), Cloud Access / Application control (CASB), and the ability to implement Zero Trust Network Access (ZTNA).

We have categorized these SSE capabilities into the following:

• Platform: Access Control, Authentication and Identity, Encryption (TLS/SSL), ZTNA
• Threat Prevention: Exploit and Malware Prevention, Evasions
• Data Protection: Data Loss Prevention, Cloud Access / Application control (CASB)

This test focuses on the Threat Prevention portion of the service.

From Q4 2024 to Q2 2025 CyberRatings has been performing independent tests of Security Service Edge (SSE) products against the SSE Threat Protection Methodology v2.1. The culmination of these individual test reports will be a Comparative Report to be published in Summer 2025.

An SSE is a purpose-built cloud platform of integrated network security services designed to facilitate secure business use of the Internet.

The products were subjected to thorough testing to determine how they handled TLS/SSL 1.2 and 1.3 cipher suites, how they defended against 205 exploits, 6,184 malware samples from current malware campaigns, and whether any of 1,154 attacks spanning 37 evasion techniques could bypass protection.

Threat actors apply evasion techniques to disguise and modify attacks to avoid detection by security products. Therefore, it is imperative that an SSE correctly handles evasions. An attacker can bypass protection if an SSE fails to detect a single form of evasion.

In addition to the reports available for purchase, the detailed methodology is available with a free subscription and focuses on functionality and performance related to the Threat Prevention portion of the service, including URL Filtering, Browser Isolation, and Sandboxing. This test methodology provides general information, including a description and purpose of the platform as well as the test approach.

Read the reports to see how they performed.

We would like to issue a special thank you to Keysight for providing their CyPerf tool for us to test SSE. We would also like to thank TeraPackets for providing us with their Threat Replayer tool.